
SolarWinds is a popular event management/monitoring tool that is often integrated into ServiceNow. Most folks that I know have done this integration via Inbound Email Actions.

I worked with a client a year ago that wanted to leverage the ability of SolarWinds to perform an HTTP Post to a URL whenever there was a qualifying alert. They wanted to configure ServiceNow to handle that POST and create an Incident record in their ServiceNow instance.

This particular client was okay with the endpoint being a public endpoint that did not require authentication. We were able to quickly configure their instance to accept these inbound HTTP POSTs from SolarWinds using a small scripted processor.

Please note that this is not a production script. It is generic in nature so you can build it out to your own needs. It could easily be enhanced to handle other parameters from the SolarWinds alert coming into the instance.

The Processor

Name: solarwind_alert
Active: true
Type: script
Path: solarwind_alert
Script:

var alarm = new Object();

/*
 * We could iterate through all of the URL parameters to make
 * intelligent decisions about how to handle this request,
 * but in this example, we will just write each URL parameter
 * and its value to a logging string
 */

var urlParamList = g_request.getParameterNames();
var paramMsg = ""; //we're going to log parameter info here
while(urlParamList.hasMoreElements()){
    var param = urlParamList.nextElement();
    var value = ""+g_request.getParameter(param);
    paramMsg += ("Parameter: ["+param+"] has a value of: "+value+"\n");
    alarm[param] = value;
}

//Possible Debug Logging statements if needed
//gs.log("Parameters: " + paramMsg);
//JSUtil.logObject(alarm);

var gr = new GlideRecord("imp_notification");
gr.initialize();
gr.message = alarm.description;
gr.comments = alarm.description;
gr.source = alarm.asset;
//For this example, we assume every alert coming in is unique
//and therefore are just setting a random number as the alert's uuid.
//In real life this would be an alert or alarm ID coming from
//SolarWinds
gr.uuid = Math.floor((Math.random()*1000000)+1);
gr.insert();

Of course we had to add this alert to the sys_public table in the instance so that SolarWinds could POST to it without authenticating.


Now the SolarWinds system just needed to be configured to post its alert data to:

https://MYINSTANCE.service-now.com/solarwind_alert.do
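Because the processor above is public and copies every request parameter into the record, anyone who learns the URL can create notifications with arbitrary content. The following is an added example, not part of the original script: it accepts only an allow-list of parameters with length caps, requires a shared secret, and insists on a well-formed alert ID. The `token` and `alert_id` parameter names, the length limits and the `fakeRequest` stand-in are assumptions made for illustration; SolarWinds would have to be configured to send those two values.

```javascript
// Added example, plain ES5 so the functions can be pasted into a processor.
// Maps each accepted parameter to a maximum length. "description" and "asset"
// come from the script above; "alert_id" and "token" are hypothetical names.
var ALLOWED = { description: 4000, asset: 255, alert_id: 64, token: 128 };

// Compare two strings without returning at the first differing character.
function constantTimeEquals(a, b) {
    var diff = a.length ^ b.length;
    for (var i = 0; i < a.length; i++) {
        diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
    }
    return diff === 0;
}

// Copy only allow-listed, length-capped parameters out of the request.
function readAlarm(request) {
    var alarm = {}, rejected = [], names = request.getParameterNames();
    while (names.hasMoreElements()) {
        var param = "" + names.nextElement();
        var value = "" + request.getParameter(param);
        var ok = ALLOWED.hasOwnProperty(param) && value.length <= ALLOWED[param];
        if (ok) { alarm[param] = value; } else { rejected.push(param); }
    }
    return { alarm: alarm, rejected: rejected };
}

// Decide whether a record should be created for this request.
function checkAlert(request, sharedSecret) {
    var parsed = readAlarm(request), alarm = parsed.alarm;
    if (!sharedSecret || !alarm.token || !constantTimeEquals(alarm.token, sharedSecret)) {
        return { ok: false, reason: "bad token" };
    }
    if (!alarm.description || !alarm.asset || !/^[A-Za-z0-9_-]+$/.test(alarm.alert_id || "")) {
        return { ok: false, reason: "missing or malformed field" };
    }
    delete alarm.token; // the secret is never copied onto the record
    return { ok: true, alarm: alarm, rejected: parsed.rejected };
}

// Constructed stand-in for g_request so the example runs outside an instance.
function fakeRequest(params) {
    var keys = Object.keys(params), i = 0;
    var names = { hasMoreElements: function () { return i < keys.length; },
                  nextElement: function () { return keys[i++]; } };
    return { getParameterNames: function () { return names; },
             getParameter: function (name) { return params[name]; } };
}
```

In the processor, the check would run against `g_request` before `gr.initialize()`, and the validated `alert_id` would replace the random number assigned to `gr.uuid`, so a replayed or repeated alert carries the same identifier instead of a new one each time.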